Topic '[Credit Card Fraud] Rebatesoft' in forum 'Scam and Phishbusters' - dslreports.com

Re: [Credit Card Fraud] Rebatesoft

Thu, 23 Apr 2009 12:52:15 EDT

anon posted : I had a $5.60 charge from Rebatesoft on my credit card. It had a phone # next to the name and I called it and it was a woman on an answering machine saying to leave a message, your call is very important to us and they'd call back later. Needless to say they never called back. The # is 888-218-4395. I'd like to know how they got my credit card #.

Re: [Credit Card Fraud] Rebatesoft

Thu, 16 Apr 2009 13:59:42 EDT

MGD posted : EDIT=Duplicate post

Re: [Credit Card Fraud] Rebatesoft

Thu, 16 Apr 2009 13:53:41 EDT

MGD posted :

said by Whip:

quote:
Make 200 a day without breaking a sweat
Apr 11 2008
Join The Millionair's Club

Let our team help you build your business.

3 levels of entry, as low as $10.00 one time

..
..
.
John M Ellis
888-218-4395
johnellis58@gmail.com

..
.

Indeed, Rebatesoft is still at it. Looks like they are in for the long haul. Really need to track down the acquirer bank and nuke the merchant account. Though it is possible that they have already burned through at least one.

I suspect from a quick review that there may be no connection between the "Apr 11 2008" posting entity and rebatesoft. The time frame is different, rebatesoft.us was not registered until later on.

Most of these toll free numbers come from services such as ringcentral. They are cheap voip set ups, and can be set up from an online registration using anyone's credit card. That is what makes them ideal for cyber criminals. The numbers are rotated frequently as the service is month to month. One entity can have that number one month and it can be assigned to an unrelated entity the next month. Finding simultaneous use is the best way to begin an attempt to link them. While this does not automatically clear the April 08 use, it is however likely that rebatesoft did not obtain the number until on or after August 19th 2008, which is when the domain was registered.

MGD

Re: [Credit Card Fraud] Rebatesoft

Thu, 16 Apr 2009 13:34:27 EDT

MGD posted :

said by Chupchakes :

Be warned! Rebatesoft 888-218-4395 MA (number disconnected) charged my account $5.60 on 04-08-09. This charge predated $715.53 in fraudulent charges in TN and MO all within 45 mins of each other on 04-09-09.
......
..
Surely a person spending over $150 at a store has to pass at least one security camera along the way. Maybe stores should start putting cameras right on the check out counters to capture the face of anyone using stolen ID's. Receipts and camera's could work together to time stamp every individual that goes through the line. Until stores are willing to do that, this will only continue to get worse.

Thanks for posting,

They do have cameras focused on the checkouts, Walmart has them on all registers. It is those stores that will have to eat the loss from those fraudulent transactions, and they may be content to just write it off. Unfortunately in these cases, that same user probably has dozens of cloned cards and is operating with a group of individuals. They are missing an opportunity by failing to follow up. This is rarely one individual with one card.

MGD

Re: [Credit Card Fraud] Rebatesoft

Thu, 16 Apr 2009 11:50:01 EDT

Whip posted : After seeing the post from r2d21477 here:

»Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

quote:
I just received fraudulent charge listed as Rebatesoft on CC dated 3/23/09. Phone number given to CC Co = 888-218-4395 - with only vmail access when called.

Obviously these guys are still continuing. Cancelling CC and watching all others. I had this CC listed on Pay Pal - but never stayed at a Marriott, though so the commercial link breech is still not clear.

The phone number 888-218-4395 comes up here in a search:
»www.apsense.com/content/1572-110578.html

quote:
Make 200 a day without breaking a sweat
Apr 11 2008
Join The Millionair's Club

Let our team help you build your business.

3 levels of entry, as low as $10.00 one time

This is a fun club with lots of support with my help you can retire in 6 Months making $200 Daily

Team Stats: 26 DAYS - 400+ Sign Ups.

Get A FREE Advertising Co-Op Position and
Let me teach you how to get 50,000
guaranteed visitors to your website

There has never been a program like this before.

Don't miss our call or you will hate yourself for it later.

Phone me for details and/or go to:

»viralurl.com/jme5701/Club

Look forward to talking with you soon

While you're here check out this free ebook it will make a great difference in your results for any affiliate or mlm program it's my gift to you just for clicking on my email go to:

»viralurl.com/jme5701/7lies

have a great and prosperous day

John M Ellis
888-218-4395
johnellis58@gmail.com

Some charges as recent as late March/early April:

»800notes.com/Phone.aspx/1-888-218-4395

»whocallsme.com/Phone-Number.aspx/8882184395

This number is listed earlier in this thread.

Re: [Credit Card Fraud] Rebatesoft

Fri, 10 Apr 2009 15:45:59 EDT

anon posted : Be warned! Rebatesoft 888-218-4395 MA (number disconnected) charged my account $5.60 on 04-08-09. This charge predated $715.53 in fraudulent charges in TN and MO all within 45 mins of each other on 04-09-09.
$188.47 to Krogers in Clarksville TN
$186.28 to Walmart in Troy, MO
$179.28 to Krogers in Troy, MO
$160.90 to Krogers in Troy, MO
The last two charges at Krogers were in the same store exactly one minute apart. The Wal-mart trip was only 22 mins earlier than Krogers. So, I'm guessing that more than one person was working this.

Luckily for me, my bank (West Coast Bank) realized that I was in Dallas, TX at the exact same time, so they called me and put an end to it. I shudder to think how much they could have gotten out of my account if I had not gotten the call.

Here's the rub...Neither Wal-mart nor Kroger's has any plan of action for prosecuting. They just refer you to their loss mitigation departments. So when are these large companies going to start going after these criminals? Surely a person spending over $150 at a store has to pass at least one security camera along the way. Maybe stores should start putting cameras right on the check out counters to capture the face of anyone using stolen ID's. Receipts and camera's could work together to time stamp every individual that goes through the line. Until stores are willing to do that, this will only continue to get worse.

Re: [Credit Card Fraud] Rebatesoft

Tue, 07 Apr 2009 00:23:32 EDT

MGD posted :

said by ptaware:

.... Does anyone know how this company is getting our account numbers? Should I be concerned about my other credit cards

No, not with any certainty. However, it is not just this "company". This is just one of 40 to 50 fraud sites operating at any given time that are controlled by an organized crime syndicate operating from Russia.

There is no reason to cancel cards that have not been hit with the fraudulent charge. There have been other victims who were hit on multiple cards. It is the first fraudulent small charge which serves as a notification that that card data has been compromised. Immediately cancelling and replacing the compromised card, and reporting the charge as fraudulent, which you have done, is the standard operating procedure when hit.

MGD

Re: [Credit Card Fraud] Rebatesoft

Mon, 06 Apr 2009 21:38:57 EDT

ptaware posted : I just contacted Chase about a similar charge on my account from REBATESOFT for $5.60. The contact number on the statement number listed is 888 216-4395 and is a recorded message that doesn't sound very professional. I left 3 messages and never received a response. Definitely fraudulant. Chase has reversed the charges and my card has been cancelled. Does anyone know how this company is getting our account numbers? Should I be concerned about my other credit cards

Re: [Credit Card Fraud] Rebatesoft

Mon, 06 Apr 2009 21:38:27 EDT

ptaware posted : I got hit as well on my Chase card for $5.60. Cancelled my card and Chase removed the charge. Does anyone know how these scammers might have accessed our card numbers?

Re: [Credit Card Fraud] Rebatesoft

Mon, 30 Mar 2009 21:40:27 EDT

designwebs posted : I got hit today. Did anyoen ever find out where this stuff was coming from?

Re: [Credit Card Fraud] Rebatesoft

Tue, 24 Mar 2009 16:29:41 EDT

MGD posted :

said by Dani75 :

...... but I want to know if Paypal records have been compromised.

So far there is nothng to indicate that Paypal issued cards are being hit in any significant numbers by the fraud.

There is anecdotal evidence that may indicate that the fraudulent merchant account originating the charges may have been obtained via Paypal, a different issue. Though the responsible organized crime syndicate has for years used hijacked Paypal merchant accounts to run massive pre authorization ping charges as a method of pre validating the card data, they ae not known to set up PayPal merchant accounts for fraud processing due to the numerous restrictions.

The processing system has adapted to the pre authorization pinging tactic by flagging merchant accounts that submit repeated ping pre authorizations. In some case the accounts are automatically suspended based on ping volume, and the system will reject any authorizations after the trigger is hit.

One result of that change may have been the recent reports of thousands of consumers complaining of actual ping charges in ~ $0.10 to $0.15 range. Ideally criminals want to pre authorize, and not actually process the charge. A pre authorization rolls off within 24 to 48 hours and will not be seen by most consumers, unless the monitor their accounts online. The actual completed ping charges may have been the result of pre auths being blocked, and it was the only way the criminals could validate the numbers. Having the charge complete was dumb, because that process in itself was an alert to attentive consumers, unlike the usual pre auth that would disappear.

MGD

Re: [Credit Card Fraud] Rebatesoft

Tue, 24 Mar 2009 16:01:02 EDT

anon posted : I too have been hit by REBATESOFT on 03/16 for $5.60. Has anyone been in touch with Paypal about this? The bank has cancelled my card and reimbursed me for the transaction, but I want to know if Paypal records have been compromised.

Re: [Credit Card Fraud] Rebatesoft

Tue, 24 Mar 2009 10:05:40 EDT

mosaic_soup posted : I just today received a pending charge on my debit card for $5.60 from Rebatesoft. Found this thread via internet search. Already canceled card and was given same phone number as above from customer service rep. This card was linked to my paypal account.

Thanks for your help.

Re: [Credit Card Fraud] Rebatesoft

Mon, 23 Mar 2009 21:02:16 EDT

MGD posted : Whip is correct, this Rebatesoft fraud entity has been going on for months now. There is no question that it is part of the Devbill organized crime syndicate. »Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Multiple victims have reported tandem charges from the other divisions, including this one from the US strawberry division:

quote:
cmcart - 30 Dec 2008
Same thing, Charge from Rebatesoft for $7.50 on the 24th. This is the phone number given to me by my CC. Had a another fraudulent charge a week earlier for $11.89 for a Croll Associates. Called the number and was told it was a template for a webpage they sell and was told i would be refunded.

[att=1]
»Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

To second what garys_2k has posted, it is imperative that you report the charge as fraudulent, and cancel and replace the card. Once your card gets hit by these criminals, your card data has been compromised. They will continue to process fraudulent charges against it, regardless if you have the first charges reversed/ disputed. Your only recourse to stop the continuing fraud process is to have the card number cancelled and replaced.

There is at least one victim report that may indicate that the merchant account responsible for this was set up through PayPal.

quote:
I noticed a pending charge to my business Mastercard for $7.50 from PayPal.
That’s strange; I didn’t think I owed PayPal money for anything, and why
would they hit my charge card rather than my PayPal account, or maybe my
linked checking account? Maybe they were doing a routine card authorization
check...but those usually use $1, not $7.50.

When the charge settled, the payee's name changed to Rebatesoft. That’s even
stranger. Who? When I googled them I found multiple forums dealing with
credit card fraud. Maybe Rebatesoft is laundering stolen credit card numbers
prior to selling them. It's unclear whether Rebatesoft is the actual thief,
or a willing accomplice, or an unwilling tool.

Ref:»curiocityonline.blogspot.com/200···ers.html

That is not the first reference that I have ran across on this fraud that mentioned PayPal, however it is unusual. PayPal merchant accounts are not conducive for a fraud operation such as this. Unlike merchant accounts that originate at banks, PayPal usually holds a high reserve on the funds, and an extended hold period, in order to protect themselves from chargebacks.

If any recent Rebatesoft fraud victim can provide me with the ARN (Acquirer Reference Number, usually 23 digits) for the fraud transaction. I can forward it to a financial system security contact, who may be able to track down the acquirer bank where this fraudulent merchant account originated from, and have the account shut down. On credit card fraud charges the ARN should be listed on the line item of your statement, however on debit transactions you may have to call your bank and ask for the relevant ARN number.

Though the ARN is a transaction number and unrelated to your card number, nevertheless do not post it on the thread as it is a unique identifier. You can send it to me via Instant Message, but will need to sign up on the forum in order to do so, which is free.

MGD

Re: [Credit Card Fraud] Rebatesoft

Mon, 23 Mar 2009 19:29:15 EDT

anon posted : I too also got a change from Rebatesoft labeled as "ATM REBATESOFT8882184395 MA" on 3-17-09 for $5.60 on my debit MasterCard. Canceled card and issued a fraud report though issuing bank which says they pass it on to the feds. Thanks for posting and getting this information in the open.

Re: [Credit Card Fraud] Rebatesoft

Mon, 23 Mar 2009 17:22:42 EDT

garys_2k posted :

said by didnt get me :

I got hit with the same $5.60 charge with "REBATESOFT 8882184395 MA" as the description. Called my bank and had the charge removed with no questions asked. There must be many other requests.

Call your bank back and tell them to cancel your card, its number is in criminal hands, and that you want to (demand it if they try to argue) file a fraudulent transaction report. This is NOT a "dispute," don't try to let them persuade you that it is or that canceling this one transaction is all that's needed.

Re: [Credit Card Fraud] Rebatesoft

Sun, 22 Mar 2009 11:47:43 EDT

anon posted : I got hit with the same $5.60 charge with "REBATESOFT 8882184395 MA" as the description. Called my bank and had the charge removed with no questions asked. There must be many other requests.

Re: [Credit Card Fraud] Rebatesoft

Thu, 19 Mar 2009 00:58:09 EDT

anon posted : RebateSoft hit my chase card yesterday for $5.60. Never heard of them it must be a scam. I closed the account before any addition charges show up.

Re: [Credit Card Fraud] Rebatesoft

Sat, 14 Mar 2009 22:18:13 EDT

Whip posted : It appears MGD's advice was taken:

quote:
Registrant:
Andrew Koptyaev
Obvodnyi kanal street 69/62
Arkhangelsk, 163046
Russian Federation

Registered through: GoDaddy.com, Inc. (»www.godaddy.com)
Domain Name: REBATESOFT.COM
Created on: 26-Feb-07
Expires on: 26-Feb-10
Last Updated on: 24-Feb-09

Administrative Contact:
Koptyaev, Andrew koptyaev@gmail.com
Obvodnyi kanal street 69/62
Arkhangelsk, 163046
Russian Federation
9212434434 Fax --

Technical Contact:
Koptyaev, Andrew koptyaev@gmail.com
Obvodnyi kanal street 69/62
Arkhangelsk, 163046
Russian Federation
9212434434 Fax --

Domain servers in listed order:
NS43.DOMAINCONTROL.COM
NS44.DOMAINCONTROL.COM

Not to be confused with the above as it seems to be proven that the .com site is not the fraud, there are some newer charges being performed by the .us ring.
»800notes.com/Phone.aspx/1-888-218-4395

Re: [Credit Card Fraud] Rebatesoft

Thu, 05 Mar 2009 16:09:47 EDT

anon posted : I just got hit by rebatesoft as well. I noticed the charge when it was still pending and at that time it said "paypal." Once it went through though, it read "CHECK CRD PURCHASE 03/02 REBATESOFT 888-218-4395 MA" At first I left a message at the phone number and waited a couple days. Decided today to google it (why did I wait so long?) and found SO MUCH! I immediately called and cancelled my card and my bank suggested a set up a separate checking account solely for online purchases. A great idea! I did it.

Re: [Credit Card Fraud] Rebatesoft

Tue, 03 Mar 2009 16:09:18 EDT

anon posted : I too was just hit with a charge from rebatesoft ma with a
number of 888 218 4386 but now the amount is $5.60. I cancelled my card immediately, thanks to this posting. I called the phone number and it is just a recording. Thanks

Re: [Credit Card Fraud] Rebatesoft MA

Mon, 02 Mar 2009 19:34:41 EDT

anon posted : I was also charged $7.50 on Feb. 14, 2009! The number the card company gave me is (888)218-4395. I called and got a recording, will try again tomorrow. I cancelled my card.

Re: [Credit Card Fraud] Rebatesoft

Thu, 19 Feb 2009 13:17:31 EDT

anon posted : I was hit on Feb 14th, 2009 with the $7.50 charge. I will tell everyone I know about this scam.

Re: [Credit Card Fraud] Rebatesoft

Sat, 14 Feb 2009 16:46:06 EDT

MGD posted :

said by andreyka:

I am Andrew Koptyaev.

Thank you for introduce people with me. :-)

My RebateSoft.com realy not charge anybody cards. All payment going via RegNow system.

Good bye.
With love from Russia. :-)

You are welcome, and yes that is true andreyka , RebateSoft.com was NOT processing fraud charges, nor did it have its own merchant account. As you stated, rebatesoft.com processed charges through and under REGNOW.

Unfortunately you became famous because of the confusion with the charge card fraud laundering operation of REBATESOFT.US, which was set up by this organized crime syndicate: »Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

MGD

Re: [Credit Card Fraud] Rebatesoft

Sat, 14 Feb 2009 15:58:56 EDT

andreyka posted : I am Andrew Koptyaev.

Thank you for introduce people with me. :-)

My RebateSoft.com realy not charge anybody cards. All payment going via RegNow system.

Good bye.
With love from Russia. :-)

Re: [Credit Card Fraud] Rebatesoft

Sat, 17 Jan 2009 18:40:22 EDT

anon posted : just got hit And I have never had anything strange in over 20 years of BofA activity.... Said: CHECKCARD REBATESOFT
888-218-4395 ME ON ...

Re: [Credit Card Fraud] Rebatesoft

Thu, 15 Jan 2009 22:08:26 EDT

anon posted : I just got hit with the same charge on a card I barely use. $7.50. Already cancelled it.

Re: [Credit Card Fraud] Rebatesoft

Thu, 15 Jan 2009 12:00:55 EDT

anon posted : I too was hit this morning for the same $7.50 amount. The number listed on my e-statement was 888-218-4395. Thanks for everything you are doing.

Re: [Credit Card Fraud] Rebatesoft

Thu, 15 Jan 2009 00:54:37 EDT

anon posted : I was just hit by this bastard and found this forum through google search. Continue to do what you can to expose who this is.

Re: [Credit Card Fraud] Rebatesoft

Tue, 13 Jan 2009 10:51:47 EDT

MGD posted : I neglected to mention another remarkable fact about REBATESOFT.US regarding its former hosting location of:

REBATESOFT.US = IP 66.199.253.242 [66-199-253-242.reverse.ezzi.net]

That hosting location was coincidentally three doors up from the $7.20 fraud card charging site of:

GETNEWITEMS AKA GETNEWONE.ORG is hosted on ezzi.NET at IP 66.199.253.246 [reverse DNS - 66-199-253-246.reverse.ezzi.net]

and its dormant clone:

HQS HOSTING AKA HQSOSTING.COM is hosted on ezzi.NET at IP 66.199.253.245 [reverse DNS- 66-199-253-245.reverse.ezzi.net]

Discussed here:»Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

MGD

Re: [Credit Card Fraud] Rebatesoft

Sun, 11 Jan 2009 03:46:47 EDT

pcdebb posted : the address is in a nice residential area, the specific address is in a cul-de-sac. the name on the domain registration is slightly different than the owner of the home according to public record, they share last name only, so possibly husband/wife scenario.
--
| map your city |

Re: [Credit Card Fraud] Rebatesoft

Sun, 11 Jan 2009 00:20:51 EDT

MGD posted : I believe I reversed checked the location on Google SAT Maps. Based on the fact that they used that address for both the domain, and listed it on the website. Then it is the last place on the planet that anyone remotely connected to the fraud is located at.

If it is on your route anyway then it would be interesting to know what is there. I am not sure if they pulled it from a directory, or if there was another reason. i do not even suspect it as a mule location either, as it would not be listed on the website.

That part that bothered me is that When I first posted about both rebatesoft.com and rebatesoft.us, I ran a check for duplicates of rebatesoft.us and found a second clone site. I did not record it and cannot remember it now. I clearly blew it at the start, I didn't even pull a screen shot of either one. In hindsight, that rebatesoft.us screamed scam.

MGD

Re: [Credit Card Fraud] Rebatesoft

Sat, 10 Jan 2009 22:05:48 EDT

pcdebb posted : want me to do a drive by on the Brandon FL address? thats a suburb of Tampa, which I just happen to live in.....

nice area on Charles Pl.

--
| map your city |

Re: [Credit Card Fraud] Rebatesoft

Sat, 10 Jan 2009 01:57:49 EDT

MGD posted :

said by MGD:

......................
By the way, I am presuming the charge is coming from rebatesoft.com and not rebatesoft.us, because there are numerous other complaints also. See: »www.debtconsolidationcare.com/pu···482.html

I want to issue a correction to my presumption above. I picked up this rebatesoft fraud charging again, as part of the Devbill/DigitalAge/Pluto massive card fraud operation. I have been digging in to rebatesoft as a result of that, and will publish more info on it in the other thread. I will edit and place a link here to the specific post when it is done.

Many other fraud victims made references to rebatesoft.com also. I am not sure if that was what the bank told them in error, or if they just presumed the .com. However the ongoing investigation clearly links the now defunct REBATESOFT.US domain tot he fraud and NOT rebatesoft.com. In fact, I recall that there was a partner site as well to the .US domain, but I did not keep a record of it. At the time of my original postings REBATESOFT.US was still up. Here is a cache of the site:

[att=4]

I realize tha the listed address in Florida, does not match to the state that the charge is showing originating from:

$7.50 charge from REBATESOFT in MA

However that is now becoming a common theme with this new tangent fraud. There appears to be multiple merchant accounts in various states attached to the names.

Though the rebatesoft.com is cloaked in privacy, I have located who the registrant is: Andrew Koptyaev

[att=1]

His home page of »www.koptyaev.com even has a copy of the regsoft.com page attached to it:

Translation reference:»translate.google.com/translate?h···_state0=

[att=2][att=3]

I can also confirm that, as stated, rebatesoft.com has been billing through regnow, even before this started.

Andrew Koptyaev also advertises his services on oDesk.com

»www.odesk.com/users/Professional···7268e2f8
Snapped 2009-01-10 01:43:53

Andrew can also be found back in 2007 discussing his site on Usenet PHP Programming Forums: »www.usenet-forums.com/php-langua···ite.html

He can also be found posting on numerous sites where fraud victims are, rpeatedly telling victims that it is not coming from rebatesoft.com. All the evidence indicates that he is correct. His site has been around a lot longer. Andrew appears to be an unintended joe job victim of cyber criminals from his own country. Andrew would have been much better off had he registered rebatesoft.com in the open just like he did his home site:


 
domain:     COMPELLA.RU
type:       CORPORATE
nserver:    ns43.domaincontrol.com.
nserver:    ns44.domaincontrol.com.
state:      REGISTERED, DELEGATED
person:     Andrey G Koptyaev
phone:      +7 9214808444
fax-no:     +7 9214808444
e-mail:     koptyaev@gmail.com
registrar:  REGTIME-REG-RIPN
created:    2007.04.20
paid-till:  2009.04.20
source:     TC-RIPN

.
So to set the record straight rebatesoft.com does not appear to be connected with the rebatesoft fraud charges. The criminal domain is/was rebatesoft.US, which appears to have a bogus domain registration:


Domain Name:                                 REBATESOFT.US
Domain ID:                                   D17555846-US
Sponsoring Registrar:                        TUCOWS INC.
Registrar URL (registration services):       whois.opensrs.org
Domain Status:                               ok
Registrant ID:                               TUHOT1KP8KGEIHW3
Registrant Name:                             Scott Conley
Registrant Organization:                     ReBateSoft.us
Registrant Address1:                         503 Charles Place
Registrant City:                             Brandon
Registrant State/Province:                   FL
Registrant Postal Code:                      33511
Registrant Country:                          United States
Registrant Country Code:                     US
Registrant Phone Number:                     +1.8888751464
Registrant Facsimile Number:                 +1.8888751464
Registrant Email:                            scott.conley@ymail.com
Registrant Application Purpose:              P3
Registrant Nexus Category:                   C11
Administrative Contact ID:                   TUHOT1KP8KGEIHW3
Administrative Contact Name:                 Scott Conley
Administrative Contact Organization:         ReBateSoft.us
Administrative Contact Address1:             503 Charles Place
Administrative Contact City:                 Brandon
Administrative Contact State/Province:       FL
Administrative Contact Postal Code:          33511
Administrative Contact Country:              United States
Administrative Contact Country Code:         US
Administrative Contact Phone Number:         +1.8888751464
Administrative Contact Facsimile Number:     +1.8888751464
Administrative Contact Email:                scott.conley@ymail.com
Administrative Application Purpose:          P3
Administrative Nexus Category:               C11
Billing Contact ID:                          TUHOT1KP8KGEIHW3
Billing Contact Name:                        Scott Conley
Billing Contact Organization:                ReBateSoft.us
Billing Contact Address1:                    503 Charles Place
Billing Contact City:                        Brandon
Billing Contact State/Province:              FL
Billing Contact Postal Code:                 33511
Billing Contact Country:                     United States
Billing Contact Country Code:                US
Billing Contact Phone Number:                +1.8888751464
Billing Contact Facsimile Number:            +1.8888751464
Billing Contact Email:                       scott.conley@ymail.com
Billing Application Purpose:                 P3
Billing Nexus Category:                      C11
Technical Contact ID:                        TUMSM4HJFHCCWKMY
Technical Contact Name:                      NIC OpenSRS Technical Contact
Technical Contact Organization:              SoftCom Technology Consulting Inc.
Technical Contact Address1:                  310-10 Bay St.
Technical Contact City:                      Toronto
Technical Contact State/Province:            ON
Technical Contact Postal Code:               M5J2R8
Technical Contact Country:                   Canada
Technical Contact Country Code:              CA
Technical Contact Phone Number:              +1.4169577400
Technical Contact Facsimile Number:          +1.4169577401
Technical Contact Email:                      nicopensrs[]softcomca.com
Technical Application Purpose:               P3
Technical Nexus Category:                    C11
Name Server:                                 NS1.REBATESOFT.US
Name Server:                                 NS2.REBATESOFT.US
Created by Registrar:                        TUCOWS INC.
Last Updated by Registrar:                   TUCOWS INC.
Domain Registration Date:                    Tue Aug 19 08:53:03 GMT 2008
Domain Expiration Date:                      Tue Aug 18 23:59:59 GMT 2009
Domain Last Updated Date:                    Sat Aug 23 20:40:37 GMT 2008

.
Records indicate that the fraud site REBATESOFT.US was hosted on IP 66.199.253.242 [66-199-253-242.reverse.ezzi.net] until ~12/29/2008:


EVENT DATE   STATUS       FROM          UPDATE  
.
2008-08-20    New           -none-        168.144.1.36  
.
2008-08-24    Change        168.144.1.36  66.199.253.242  
.
2008-12-29    Not Resolvable 66.199.253.242  -none-

MGD
EDIT= Added missing rebatesoft.us site image

Re: [Credit Card Fraud] Rebatesoft

Thu, 11 Dec 2008 17:23:57 EDT

gallowsroad posted : BOA told me that would not happen in this case, since the card was canceled right after the charge was made at the gas station. The said if the charge does not appear on our account by tomorrow a.m., it never will.

I'll call them back and verify this. I don't want the vendor to get stiffed, but I also don't want to pay twice.

Re: [Credit Card Fraud] Rebatesoft

Thu, 11 Dec 2008 15:56:31 EDT

nwrickert posted :

I'll have to go back to the gas station we stopped at last night because the charge we did there didn't show up on our account by this morning, and with the card now deactivated they won't get paid.

That's not so certain. Banks often roll these charges over to the replacement card (except for the suspicious charges).
--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.4

Re: [Credit Card Fraud] Rebatesoft

Thu, 11 Dec 2008 14:45:59 EDT

gallowsroad posted : Update:

Talked to Fraud Claims at BOA today. Funds will be credited in 48 hours. They didn't need very much info from me to consider their investigation into my case "concluded". I wonder how many other complaints about Rebatesoft they have had so far. I asked, but they were noncommittal.

New card is on the way. I'll have to go back to the gas station we stopped at last night because the charge we did there didn't show up on our account by this morning, and with the card now deactivated they won't get paid.
--
Ha ha haaaaaaa....ever get the feeling you've been cheated?

- John Lydon, last Sex Pistols show

Re: [Credit Card Fraud] Rebatesoft

Thu, 11 Dec 2008 01:35:59 EDT

MGD posted :

said by gallowsroad:

EDIT: To add, that my wife and I are very careful with computers, and our machines at home and hers at her work are secured. We type in bank addresses directly using Firefox, keep that and Windows updated, use AV and firewalls, and so forth. I am fairly certain the number was obtained some other way then directly from one of the computers we use.
.....

Yes Indded, I am also convinced that it was obtained outside of your control. I merely included that possibility as a part of an overall generic response to how your card data "could" be compromised. By a vast margin in terms of volume, the majority of hijacked card data is obtained from sources outside of the card holder's control.

said by gallowsroad:

....Phone number is:

866-644-0642

That came from BOA rep.

Wow, and wow !, while only one report shows up directly under the number on 800notes.com: 800notes.com:, that 866-644-0642 number is however embedded within 17 pages of fraud reports of another number 800-764-0847 that begin HERE. Exactly the same process of pinging first, then high dollar charges shortly afterwards.

This is actually quiet large, since those 17 pages of fraud reports accrued within the past month. Many of those reports are initially for a ping charge of anywhere from $0.13 to $0.17 from 1-800-764-0847 TX GFDL However, there are other names too, all with short lived 800 numbers. Many have the same CCBILLEU in common also. By the way, originally CCBILL got its start billing for the online Porn Industry.

This must be a rather large haul, with that many reports over such a short period. You can easily multiply by several thousand for each report to estimate the total.

It is possible that the accounts generating the dime sized pings may actually be hijacked merchant accounts, since the cost of validation and processing exceeds the charged amount. Someone will have a bill for several thousand at the end of the month. That is just one plausible scenario here. It needs a lot more looking at to start forming good conclusions.

said by gallowsroad:

.... Card has been canceled and will be replaced. I can't talk to the Claims Unit until tomorrow morning about the fund being returned to my account.
..

Excellent, and good prompt catch. Thanks also for bringing it up, this appears to be a large operation, and needs a closer look.

MGD

Re: [Credit Card Fraud] Rebatesoft

Thu, 11 Dec 2008 00:19:36 EDT

gallowsroad posted : Phone number is:

866-644-0642

That came from BOA rep.

Card has been canceled and will be replaced. I can't talk to the Claims Unit until tomorrow morning about the fund being returned to my account.

The card has been used over the Net, but only with a few, large mainstream retailers. It does get fairly heavy use in person for grocery shopping, gas, and the like.

Rebatesoft.com looks very fishy - hardly any software actually for sale, but many pleas to contact them for prices. No phone number posted anywhere on their site.

EDIT: To add, that my wife and I are very careful with computers, and our machines at home and hers at her work are secured. We type in bank addresses directly using Firefox, keep that and Windows updated, use AV and firewalls, and so forth. I am fairly certain the number was obtained some other way then directly from one of the computers we use.

--
Ha ha haaaaaaa....ever get the feeling you've been cheated?

- John Lydon, last Sex Pistols show

Re: [Credit Card Fraud] Rebatesoft

Wed, 10 Dec 2008 23:52:11 EDT

MGD posted :

said by gallowsroad:

A $7.50 charge from REBATESOFT in MA appeared on my debit card on 11-24.

Called BOA, and they gave me a phone number which is out of service......

Post the phone number, please.

If you have not done so already, call BOA back and have your card number cancelled immediately and re issued. It is a debit card and charges are removed from your account upon submission.

said by gallowsroad:

.... What's the deal?

Your card data has been compromised, therefore the card should be replaced ASAP, if not sooner. That charge could be a test charge to validate the data as current, and be the precursor of larger fraud charges that may already be in process.

said by gallowsroad:

....How'd they get my info?

Excellent question, not much to go on. Since you still have your card in your possesion the possibilities are: You were phished and entered your card data on a fake BOA website. From an online transaction that was subsequently hijacked from the vendor, card processor, etc. The data was entered or stored on a computer that was infected by a keylogger or other trojan.

Some other possibilities can be eliminated because you are not the only one who has been hit by fraud charges from REBATESOFT. That jury is still out on whether that business is a knowing participant or are them selves a victim:

Though »www.rebatesoft.com/ has a two year domain registration (positive) going back to Feb. of 2007 which long predates fraud reports. They do however have a domains by proxy cloaked privacy registration (very negative)

quote:
Registrant:
Domains by Proxy, Inc.

DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States

Registered through: GoDaddy.com, Inc.
Domain Name: REBATESOFT.COM
Created on: 26-Feb-07
Expires on: 26-Feb-09
Last Updated on: 22-Sep-07

No contact phone number or address listed on the site. Though it does have this cryptic message:

quote:
If you have any questions about our website or any of the products, please use the form below to contact us .
Please don't forget to mention your e-mail address because we cannot contact you without an e-mail address.

Avoid of Fraudsters. Please note what Rebatesoft.com not charge anybody credit cards. All payments going via RegNow.com system. Beware of the fraudsters!

»www.rebatesoft.com/contactus.php

Since there does not appear to be any product on their site for $7.50 that I can find, it is possible that cybercriminals could have injected a script to test cards using their previous set up. Again, it is difficult to tell what the real story is, or even if it was through them at all.

Legit online vendors especially for intangibles, can become victims of fraudusters who run cards thorugh their site. This one makes it difficult to assign any legitimacy to because of the cloaked domain. There is never a valid reason for any website engaged in ecommerce to have a hidden registration, period. In fact, merchant accounts and thrid party card processing should never be allowed when the domain has such a status. Not only should the domian be open,but there should be detailed contact info listed on the site.

By the way, I am presuming the charge is coming from rebatesoft.com and not rebatesoft.us, because there are numerous other complaints also. See: »www.debtconsolidationcare.com/pu···482.html

One victim reported:

quote:
..yes, I got hit on nov. 9 2008, $7.50 charge. also got hit for some international charges CCBILLEU.COM +18885969 VALETTA MLT and CCBill.com 888-5969279 AZ soon after.

There are a host of long term fraud reports of several hundred dollar charges originating from the processor CCBILLEU.COM in Valetta, the capital of the island of Malta. That is the EU branch of the US processor "CCBILL"
»www.complaintsboard.com/complain···044.html
and:
»www.ripoffreport.com/reports/0/3···8723.htm

MGD

[Credit Card Fraud] Rebatesoft

Wed, 10 Dec 2008 22:10:20 EDT

gallowsroad posted : A $7.50 charge from REBATESOFT in MA appeared on my debit card on 11-24.

Called BOA, and they gave me a phone number which is out of service.

What's the deal?

How'd they get my info?
--
Ha ha haaaaaaa....ever get the feeling you've been cheated?

- John Lydon, last Sex Pistols show